1. Technical Field
The present invention relates to a method for managing keys of digital assets, in particular, to a method for generating hierarchical keys of digital assets.
2. Background Art
In recent years, many aspects of people's daily lives have gone digital. Cryptography has been widely used to protect digital assets, which leads to the need for cryptographic key management. Since the amount of digital assets to be protected is constantly growing, the management of cipher keys is a challenge.
Cipher key management includes three basic features: (1) key generation: generating secure cipher keys for digital assets; (2) key storage: storing the cipher keys in a secure manner; and (3) key distribution: delivering the cipher keys to the legal users.
An example of key management is described below. Suppose that in a mature and reliable e-learning system, all lectures (teaching materials) should be ciphered with different keys, and all authorized users who have paid for these lectures should get the keys to the lectures. In a conventional method, a key management system first generates keys for each lecture, and then stores all of the keys in a database. When a user has paid for some assets, the key management system delivers the corresponding asset keys to the user.
The conventional key management system usually works well, but as the amount of digital assets becomes excessive, cipher key management can become quite costly. For example, if there are 100,000 lectures in the e-learning system, and a user subscribes to and pays for 20,000 of them, then the 20,000 keys corresponding to these lectures should be securely delivered to the user. There are two possible ways to deliver these keys: (1) delivering the 20,000 keys in advance; and (2) delivering each key whenever the user needs it. The former is not flexible: the lectures may be upgraded later, supplemental lectures may be added, or some lectures may be combined, and these changes cannot be automatically reflected in the 20,000 keys the user already holds, i.e., the user may not get the changed lectures. The latter does not have this disadvantage, but it is quite costly, since a user may have to make up to 20,000 requests in order to fetch all these keys.
There are two predominant kinds of key management systems in the protection of digital media: the Conditional Access (CA) system for pay-TV and the Digital Rights Management (DRM) system for the Internet. In CA systems, there is only one key for all the programs within one month, except for some special pay-per-view programs, so the user cannot subscribe to the programs for, e.g., a single day or even a single hour. CA thus lacks flexibility. In DRM systems, each time a user buys a piece of content, the server retrieves the key of that content, but when the volume of users and assets becomes excessively large, the load on the server becomes quite heavy. A main problem of both CA and DRM systems is that they focus on key storage and distribution, not key generation.